Seeing the emergence of a new filing season scam, the IRS is urging tax professionals
to step up security and beware of phishing emails that can secretly download malicious
software that can help cybercriminals steal client data.

Only a few days into the filing season, the IRS has already identified a new scam that
began with cybercriminals stealing data from several tax practitioners’ computers and
filing fraudulent tax returns.

In a new twist, the fraudulent returns in a few cases used the taxpayers’ real bank accounts for the deposit. A woman posing as a debt collection agency official then contacted the taxpayers to say a refund was deposited in error and asked the taxpayers to
forward the money to her.

This scheme is likely just the first of many that will be identified this year as the IRS, state
tax agencies and tax industry continue to fight back against tax-related identity thieves.
Because the Security Summit partners have made inroads against identity theft, cybercriminals have evolved their tactics to focus on tax professionals where they can steal
client data.

Thieves know it is more difficult to identify and halt fraudulent tax returns when they
are using real client data such as income, dependents, credits and deductions. Generally,
criminals find alternative ways to get the fraudulent refunds delivered to themselves
rather than the real taxpayers.

Tax professionals are reminded that there is a procedure for them to report data thefts
to the IRS. They need only contact their state’s IRS Stakeholder Liaison, who will notify
appropriate IRS officials and serve as a point of contact.

IRS Criminal Investigation agents are still reviewing this latest data theft scam. However,
the vast majority of data thefts occur because the tax preparer or someone in the office
opened a phishing email and clicked on a link or attachment that contained malware.
There are various forms of malware but some download secretly into computers and
allow thieves to see each keystroke or give thieves remote access to computers. Both versions allow thieves to steal data stored on the computers.